On (18/06/20 09:11), Sangster, Mark wrote: >Hello, > >We are experiencing an issue with a user when they attempt to login. Other >users can continue to login. It does seem to repeat on this specific user. > >If I blitz the SSSD cache and restart it, then they find they can login again. > >They indicated that just prior to the event, they were forced to reboot their >machine (i.e. unclean disconnect) and it was after that they couldn’t login. > >This was the successful session just before: > >Jun 17 08:00:58 server sshd[11882]: pam_sss(sshd:auth): authentication >success; logname= uid=0 euid=0 tty=ssh ruser= rhost=<CLIENTIP> user=username >Jun 17 08:00:58 server sshd[11882]: Accepted password for username from ><CLIENTIP> port 59680 ssh2 >Jun 17 08:00:59 server sshd[11882]: pam_unix(sshd:session): session opened for >user username by (uid=0) >Jun 17 13:22:17 server sshd[11882]: pam_unix(sshd:session): session closed for >user username > >The next session which failed: > >Jun 17 13:33:13 server sshd[13210]: pam_sss(sshd:auth): authentication >success; logname= uid=0 euid=0 tty=ssh ruser= rhost=<CLIENTIP> user=username >Jun 17 13:33:13 server sshd[13210]: pam_sss(sshd:account): Access denied for >user username: 4 (System error) >Jun 17 13:33:13 server sshd[13210]: Failed password for username from ><CLIENTIP> port 50114 ssh2 >Jun 17 13:33:13 server sshd[13210]: fatal: Access denied for user username by >PAM account configuration [preauth] > >There does not look to be any additional log information in SSSD representing >the error. The troubleshooting suggested I follow up here for “system error 4”. > >It would be tricky to run debug on this, as this took 4 days until the failure >reappeared and we might fill our log space very quickly. >
Pam return code 4 (System error) means some unexpected situation in sssd (usually in backend) I would recomment to follow following guide https://sssd.io/docs/users/troubleshooting.html It would be good to also provide more details about your configuration type/version of directory server, ... LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
